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Administrative Patent Judges. 

JEFFERY, Administrative Patent Judge. 



DECISION ON APPEAL 1 
Appellants appeal under 35 U.S.C. § 134(a) from the Examiner's 
rejection of claims 1-8, 11-35, and 37-53. Claims 9, 10, and 35 have been 
canceled. App. Br. 27, 32. We have jurisdiction under 35 U.S.C. § 6(b). 
We reverse. 



1 The two-month time period for filing an appeal or commencing a civil 
action, as recited in 37 C.F.R. § 1.304, or for filing a request for rehearing, 
as recited in 37 C.F.R. § 41.52, begins to run from the "MAIL DATE" 
(paper delivery mode) or the "NOTIFICATION DATE" (electronic delivery 
mode) shown on the PTOL-90A cover letter attached to this decision. 
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STATEMENT OF THE CASE 

Appellants invented a method and device for improving the 

performance of secure communications between network devices. See 

generally Spec. 1. Claim 1 is illustrative: 

1 . A method for secure communications between a client and a 
server, comprising: 

managing a communications negotiation between the client 
and the server through an intermediate device that supports a direct 
mode and a proxy mode; 

receiving encrypted data packets from the client with the 
intermediate device; 

decrypting each encrypted data packet with the intermediate 
device; 

forwarding unencrypted data packets from the intermediate 
device to the server using a communication session negotiated by 
the client and the server when the intermediate device operates in 
direct mode; 

forwarding unencrypted data packets from the intermediate 
device to the server using a communication session negotiated by 
the server and the intermediate device when the intermediate 
device operates in proxy mode; 

receiving data packets from the server; 

encrypting the data packets from the server; and 

forwarding encrypted data packets to the client. 



The Examiner relies on the following as evidence of unpatentability: 



Holtey 


US 5,293,424 


Mar. 8, 1994 


Boeuf 


US 6,009,502 


Dec. 28. 1999 


Fujiyama 


US 6,052,728 


Apr. 18, 2000 


Weinstein 


US 6,094,485 


July 25, 2000 


Maloney 


US 6,253,337 Bl 


June 26, 2001 


Cohen 


US 6,389,462 Bl 


Mar. 14, 2002 
(filed Dec. 16, 1998) 
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Gelman 



US 6,415,329 Bl 



July 2, 2002 
(filed Oct. 30, 1998) 
Oct. 29, 2002 
(filed Oct. 2, 1997) 
Nov. 19, 2002 
(filed Feb. 27, 1999) 
Nov. 16, 2004 
(filed Dec. 28, 2000) 



Bellaton 



US 6,473,425 Bl 



Ellis 



US 6,484,257 Bl 



Harper 



US 6,820,215 B2 



The Rejections 



1. The Examiner rejected claims 1-8, 11, 45-47, 51, and 53 under 
35 U.S.C. § 102(e) as anticipated by Ellis. Ans. 4-7. 2 

2. The Examiner rejected claims 12, 14, and 48 under 35 U.S.C. 
§ 103(a) as unpatentable over Ellis and Fujiyama. Ans. 8. 

3. The Examiner rejected claims 13 and 15 under 35 U.S.C. § 103(a) 
as unpatentable over Ellis, Fujiyama, and Bellaton. Ans. 8-9. 

4. The Examiner rejected claims 16, 17, and 19 under 35 U.S.C. 
§ 103(a) as unpatentable over Ellis and Gelman. Ans. 9-11. 

5. The Examiner rejected claim 18 under 35 U.S.C. § 103(a) as 
unpatentable over Ellis, Gelman, and Holtey. Ans. 11. 

6. The Examiner rejected claims 20-22, 27, 29, 33-35, 38, 39, 41, and 
52 under 35 U.S.C. § 103(a) as unpatentable over Ellis and Maloney. Ans. 
11-14, 19-21. 

7. The Examiner rejected claims 23-25 under 35 U.S.C. § 103(a) as 
unpatentable over Ellis, Maloney, and Cohen. Ans. 15-16. 



2 Throughout this opinion, we refer to (1) the Appeal Brief filed February 7, 
2007; (2) the Examiner's Answer mailed May 29, 2008; and (3) the Reply 
Brief filed July 29, 2008. 
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8. The Examiner rejected claims 26, 28, and 40 under 35 U.S.C. 
§ 103(a) as unpatentable over Ellis, Maloney, and Bellaton. Ans. 16-17, 
22-23. 

9. The Examiner rejected claims 30 and 42 under 35 U.S.C. § 103(a) 
as unpatentable over Ellis, Maloney, and Holtey. Ans. 17, 23-24. 

10. The Examiner rejected claims 31 and 43 under 35 U.S.C. § 103(a) 
as unpatentable over Ellis, Maloney, and Boeuf. Ans. 17-18, 24. 

11. The Examiner rejected claims 32 and 44 under 35 U.S.C. § 103(a) 
as unpatentable over Ellis, Maloney, and Weinstein. Ans. 18-19, 25. 

12. The Examiner rejected claim 37 under 35 U.S.C. § 103(a) as 
unpatentable over Ellis, Maloney, and Harper. Ans. 21-22. 

13. The Examiner rejected claim 49 under 35 U.S.C. § 103(a) as 
unpatentable over Ellis and Holtey. Ans. 25-26. 

14. The Examiner rejected claim 50 under 35 U.S.C. § 103(a) as 
unpatentable over Ellis and Harper. Ans. 26-27. 

The Anticipation Rejection Over Ellis 
Regarding independent claim 1, the Examiner finds that Ellis 
discloses all recited limitations, including forwarding unencrypted data 
packets from the intermediate device (i.e., an agent server) to the server in 
both the direct and proxy mode by redirecting communications to the 
intended final destination, which includes a client or main server. Ans. 4-5, 
27-29. Appellants argue, among other things, that the disclosed final 
destination in Ellis is not the main server, and therefore Ellis does not 
forward data packets from an intermediate device (i.e., the agent server) to a 
server as recited in claim 1. See App. Br. 18-20; Reply Br. 5-8. 
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The issue before us, then, is as follows: 
ISSUE 

Under § 102, has the Examiner erred in rejecting claim 1 by finding 
that Ellis discloses forwarding unencrypted data packets from the 
intermediate device to the server using a session negotiated by: (a) the client 
and server in direct mode, and (b) the server and intermediate device in 
proxy mode? 

FINDINGS OF FACT 

1 . Ellis discloses a client, agent, and main server system that 
operates transparently within a network. The system includes clients or 
hosts (e.g., 210, 215, 225, 230), main server 220, and agents (shown to the 
right of Destination Clientl 230). Ellis, col. 6, 11. 2-5; col. 14, 11. 55-60; Fig. 
2. 

2. As part of Ellis' start up procedure, the Agent Server(s) register 
and authenticate with the Main Server at step 405, while the Client(s) 
connect to the Main Server and authenticate at 420. Ellis, col. 7, 11. 17-25 
Fig. 4. 

3. In determining whether to accept a new session, Ellis explains 
that the Main Server decides whether the Main Server has the available 
processor resources to handle the load. If not, the Main Server then 
determines if an Agent Server has the resources to service the session. If the 
Agent Server can handle the session, the Main Server will transfer the 
session to the Agent Server. Then, the Agent Server decrypts the 
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communication and redirects the communication to the intended final 
destination. Ellis, col. 7, 11. 25-47, 57-59; col. 7, 1. 66 - col. 8, 1. 3. 

4. Ellis describes the final destination (e.g., 5B40) as a client or 
host. Ellis, col. 8, 1. 54-col. 9, 1. 28; Figs. 5A-B. 

5. Ellis' invention uses client server and agent technology. Ellis, 
col. 6, 11. 9-12 

ANALYSIS 

Based on the record before us, we find error in the Examiner's 
anticipation rejection of claim 1 which calls for, in pertinent part, forwarding 
unencrypted data packets from the intermediate device to the server using a 
session negotiated by: (1) client and server in direct mode and (2) client and 
intermediate server in proxy mode. Ellis' system has clients (e.g., 210, 215, 
225, 230), a main server 220, and agents (shown to the right of Destination 
Clientl 230). FF 1. As part of the start up procedure, the agents or agent 
servers register and authenticate with the main server, and the clients 
connect to a main server and authenticate. FF 2. Ellis thus negotiates 
communication sessions between both (1) the client and main server, and (2) 
the agent server and the main server. Furthermore, the Examiner maps Ellis' 
agents to the claimed intermediate device. See Ans. 28. Ellis therefore 
discloses negotiated communication sessions between both (1) the client and 
a server and (2) the intermediate device and a server as recited in claim 1. 

Before receiving data packets from the client (e.g., accept a new 
session), Ellis explains that the main server determines whether the main 
server has the available processor resources to handle the load. See FF 3. If 
not, the main server will determine if an agent server has sufficient resources 
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to service the session. See id. If the agent server can handle the session, the 
main server will transfer the data packets to the agent server. See id. Then, 
the agent server decrypts the communication and redirects the 
communication to the intended final destination. Id. In this later scenario, 
the Examiner indicates that the final destination includes the main server, 
such that the intermediate device (e.g., the agent server) forwards the 
communication to the server as required by claim 1. See Ans. 28. We 
disagree. 

Ellis discloses the destination as clients or hosts (e.g., 225 or 230) — 
not main server 220. See FF 1, 4. Ellis thus fails to state explicitly that the 
final destination includes the main server. Notably, Ellis discloses a client 
server on one occasion (FF 5), and Appellants admit as much {see Reply Br. 
5). But this discussion still does not address the main server as the final 
destination. We therefore find that interpreting Ellis' final destination as a 
main server is not supported by Ellis. 

Moreover, while Ellis states the client can be a client server (see FF 
5), the main server — not the client server — negotiates the communication 
sessions in the direct and proxy modes. Thus, in this scenario, the 
forwarding of the data packets from an intermediate device (e.g., the main 
server) to a server (e.g., a client server) would not occur using a 
communication session negotiated by the client and server, as required by 
claim 1. Ellis therefore does not disclose forwarding unencrypted data 
packets from the intermediate device to the server using a communication 
session negotiated by: (1) the client and the server or (2) the server and the 
intermediate device as claimed. Additionally, in this mode, the intermediate 
device (e.g., main server) would differ from the intermediate device (e.g., 
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agent server) in the proxy mode, and therefore fails to disclose forwarding 
the unencrypted data packets from the same intermediate device to the server 
as required by claim 1. 

We are therefore persuaded that the Examiner erred in rejecting (1) 
independent claim 1; (2) independent claim 45 3 which recites commensurate 
limitations; and (3) dependent claims 2-8, 11, 46, 47, 51, and 53 for similar 
reasons. Since this issue is dispositive of our reversal of the Examiner's 
rejection, we need not address Appellants' other arguments (App. Br. 18-22; 
Reply Br. 4-10). 

The Obviousness Rejections 
Regarding claims 12-35, 37-45, 48-50, and 52, the Examiner has 
rejected these claims using Ellis in combination with at least one other 
reference. See Ans. 8-27. Appellants present numerous arguments 
addressing different dependent claims rejected under § 103. See App. Br. 
23-25; Reply Br. 10. 

Each obviousness rejection relies on Ellis to disclose forwarding 
unencrypted data packets from the intermediate device to the server using a 
session negotiated by: (1) a client and server in direct mode and (2) the 
intermediate device and server in proxy mode as recited in independent 
claims 1 and 45. Similarly, the Examiner relies on Ellis to teach 
commensurate limitations of forwarding decrypted application data from the 
intermediary device to a server using a negotiated session between the client 



3 Claim 45 recites "a server" in the second clause of the claim, but later 
recites "the servers." We deem this inconsistency a harmless typographical 
error. 
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and the server as recited in independent claim 20 or the acceleration 
apparatus adapted to forward the decrypted data packets to a server using a 
session negotiated by: (1) client and server in direct mode and (2) 
acceleration device and server in proxy mode as recited in independent claim 
33. See Ans. 11-12, 19-20. As explained above, we are persuaded by 
Appellants' argument that Ellis fails to teach this feature of forwarding 
unencrypted data packets from the intermediate, intermediary, or 
acceleration device to the server using a session negotiated by: (1) the client 
and the server, or (2) the intermediate, intermediary, or acceleration and the 
server as recited. 

The Examiner has not shown that the additional cited prior art 
references cure this deficiency. For the above reasons, Appellants have 
shown the Examiner erred in rejecting claims 12-35, 37-45, 48-50, and 52 
under 35 U.S.C. § 103. 

CONCLUSION 

The Examiner erred in rejecting (1) claims 1-8, 11, 45-47, 51, and 53 
under § 102, and (2) claims 12-35, 37-50, and 52 under § 103. 

ORDER 

The Examiner's decision rejecting claims 1-8, 11-35, and 37-53 is 
reversed. 



REVERSED 
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